On Sun, 2014-05-25 at 11:37 +0800, anc...@gmail.com wrote:
> Thank you for your info.
>
> I do apt to conclude this as a "false positive", but clamav-0.98.1 does not
> yield "high threat" warnings under the same scan conditions :
And you back-rev'd and installed 0.98.1 and rescanned. I'm wondering if
the scanner updated its rules or signatures or plugin used to detect.
Sometimes they get a bit overzealous in changes and step over the
line... especially with CVSS of 7 or higher. It is worth looking to to
figure out when the plugin was updated.
> > NVT: SMTP antivirus scanner DoS
> > OID: 1.3.6.1.4.1.25623.1.0.11036
> > Threat: Log (CVSS: 7.2)
> > Port: smtp (25/tcp)
> > submission (587/tcp)
> >
> > For some reason, we could not send the 42.zip file to this MTA
> >
> > Vulnerability Detection Method:
> > Details:
> > SMTP antivirus scanner DoS
> > (OID: 1.3.6.1.4.1.25623.1.0.11036)
>
> I wish some expert can account for this difference before the "false
> positive" conclusion.
>
--
greg folkert - systems administration and support
web: donor.com
email: g...@donor.com
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"There is always the need to carry on."
-- Marjory Stoneman Douglas
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
